Summary of Testimony of Deirdre Mulligan,
Staff Counsel, Center for Democracy and Technologybefore the Senate Committee on Commerce, Science and Transportation Subcommittee on Communications
September 23, 1998

The Center for Democracy and Technology is pleased to participate in this hearing, at the request of the Subcommittee, on the Childrens Online Privacy Protection Act (S. 2326) and the broader issue of protecting individual privacy in the online environment. CDT is a non-profit, public interest organization dedicated to developing and implementing public policies to protect and advance civil liberties and democratic values on the Internet. One of our core goals is to enhance privacy protections for individuals in the development and use of new communications technologies.

CDT believes that it is time for Congress and relevant stake-holders to develop a bi-partisan national privacy policy for the Internet. Protecting privacy will require a multi-faceted approach: it requires the establishment of legal baselines to protect privacy and their enforcement; an ongoing effort by industry to self-regulate; and, the availability of technologies that protect privacy and facilitate good business practices on the Internet.

The time is right to enact federal privacy protections for the electronic environment, which will support the work of privacy-aware companies and increase the viability of online commerce, by developing a regulatory baseline of privacy protections in the private sector. Public anxiety is high and surveys have indicated that privacy concerns are discouraging people from using the technology to full advantage. Leading companies and trade associations have recognized the need for privacy protections and begun the task of developing them. Unfortunately many more companies are not responding to privacy concerns raised by the public and government officials. By acting to protect privacy now Congress can establish a leveling policy and practice playing field, establish a viable benchmark for oversight, enforcement and redress, and grow confidence in the medium.

To accomplish this Congress should enact legislation enabling the Federal Trade Commission to craft baselines for protecting privacy during commercial interactions. Through a notice and comment rule-making and other FTC procedures, rules that protect privacy and are tailored to the specific concerns of various business sectors can be crafted.

Similarly, the FTCs expertise and the notice and rule-making process provide a forum to develop appropriate rules to protect childrens privacy. CDT believes that the Childrens Online Privacy Protection Act (S. 2326), which follows this framework, if amended to address concerns weve raised would be an appropriate first step toward protecting privacy online. However the bill as introduced may unintentionally interfere with teenagers ability to access information and enjoy the interactivity of the Internet. As applied to teenagers the provisions that: 1) require parental notification every time a teenager provides an email address to a Web site that engages in commerce (including for-profit and non-profit Web sites); and, 2) create a parental right to access all information that a teenager has shared with a Web site that engages in commerce, have the potential to chill protected First Amendment activities and undermine rather than enhance teenagers privacy. In addition, we believe that requiring parental consent for email interactions between children and Web sites will prove cumbersome and interfere with childrens ability to ask questions and access information. This is particularly true where childrens access to the World Wide Web is through the school, library or other public institution. We believe that where an email will only be used to respond to a specific request for a child and will not be used by the business for other purposes, allowing children to use email without parental consent would protect privacy and better preserve the interactivity of childrens online experience. We have expressed our concerns to Senator Bryan and will continue to work with him and the Subcommittee to address them.

In addition to crafting federal rules to protect privacy, we must look to technologies that protect privacy. Legislation and self-regulation combined may still fall short of providing the strongest privacy protections. Technologies can provide protection across the global and decentralized environment of the Internet where law or self-regulation may fail. Technologies that protect individuals ability to access information and engage in transactions anonymously, such as anonymous browsing and email services and anonymous payment mechanisms, must be promoted. But the Internet is more than a tool for Web surfing, it is increasingly becoming an avenue for commerce. In instances where people choose to provide information they must be able to understand what rules govern the entity to whom they are providing it. Tools such as the World Wide Web Consortiums Platform for Privacy Preferences (P3P) which facilitate the provision of notice and allow people to make decisions based on information about an entities privacy practices are needed to drive the adoption of good policies, and create a demand for privacy practices.

We look forward to working with Senators Burns and Bryan and the rest of the Subcommittee to improve the Childrens Online Privacy Protection Act (S. 2326), and to develop privacy protections for all Americans regardless of their age.

We strongly believe that appropriate legislation can protect privacy and aid electronic commerce by creating a level policy and practice playing field and a viable benchmark for oversight, enforcement, and redress. Coupled with ongoing efforts at self-regulation and technologies that protect anonymity and ensure that when individuals choose to share personal information they do so with full information, enabling the FTC to craft rules that protect childrens and adults privacy will ensure that good privacy practices become the standard for entities operating online.